Pippa Middleton’s iCloud account was hacked stealing round 3,000 private photographs. The Sun said it had been approached by someone using a pseudonym and asking for £50,000 within 48 hours. IT security experts commented below how people, royalty or not, can secure their iCloud accounts and stay safe online.
Javvad Malik, Security Advocate at AlienVault:
“The main thing is for people to remember to secure their cloud storage platforms well. In addition to choosing a strong password, most websites offer additional security features such as notifications whenever the account is logged onto, or enabling two step verification.”
Javvad made a video about photos in the cloud a while back.
Mark James, Security Specialist at ESET:
“Having your smartphone with you to take pictures is pretty much accepted as a way of life these days. Technology enables us to have access to data on the move but the more we use and interact with this technology the more we have a need to store that information remotely. If you use an iPhone then the chances are all your data automatically replicates into the cloud. This is great if you ever lose your phone or if your budget only allows the basic handset with the smallest memory (typically 8, 16 and now 32GB with iPhone 7) but if you use it regularly then you will have a fairly substantial cloud presence.
This leads to another problem, your security as always is in the hands of others. Apple will of course do all they possibly can to protect your data but you are responsible to help them with that task. Ensuring your password is fairly complex and definitely not used on any other site should be the basics. I appreciate it’s hard to remember all those logins but with the plethora of password managers available these days it is much easier to manage. Also consider Apple’s two-step verification, this will form a third aspect of security above your username and password for signing into your Apple ID account page, signing into iMessage, FaceTime, Game Centre or iCloud from a new device and protect any attempt to make purchases from Apple. Whenever you do any of the above you will be required to enter a code sent to your registered device so even if your username and password are compromised they won’t be able to access your account and thus your private data stays private.”
Brian Spector, CEO at MIRACL:
“Although this is another horrible invasion of celebrity privacy, maybe at least the hack of Pippa’s iCloud account will remind the general public about the vulnerability of all our digital data.
All users, celebrities or not, need to be aware of the value of their personal data on the web, and take steps to protect it. Choosing complex passwords and avoiding using the same password for multiple sites is helpful, but it’s hardly user-friendly. The underlying issue is that the username and password system is old technology that simply cannot secure the deep information and private services that we all store and access online today. Ultimately online services need to protect their users more effectively by replacing the password with a more secure and usable solution.”
Tim Erlin, Director, Product Management, Security and IT Risk Strategist at Tripwire:
“While everyone should be cautious, celebrities in particular need to be wary about storing their personal information outside of their control. It’s incredibly easy to put your photos into the cloud, but once they leave your device, they are no longer entirely under your control. The blending of devices and the cloud has resulted in a blurry line between what you actually have and what you have access to. In many cases, the experience of actual possession and that of access are nearly identical.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.